INFO: Netgear router vulnerabilities

The following routers are vulnerable, as described below. New firmware has been released for some of the models and is available here: http://kb.netgear.com/000036386/CVE-2016-582384

Vulnerability Note VU#582384

Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, R6400, firmware version 1.0.1.12_1.0.11 and possibly earlier, and R8000, firmware version 1.0.3.4_1.1.2 and possibly earlier, contain an arbitrary command injection vulnerability.

By convincing a user to visit a specially crafted web site, a remote, unauthenticated attacker may execute arbitrary commands with root privileges on affected routers. An unauthenticated, LAN-based attacker may do the same by issuing a direct request, e.g. by visiting:

http://<router_IP>/cgi-bin/;COMMAND

An exploit demonstrating these vulnerabilities has been publicly disclosed.

Netgear’s advisory confirms that the R6200, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000 are vulnerable, though affected firmware versions are not enumerated. The vendor has indicated that their advisory will be updated as firmware updates are released.
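For anyone wanting to check their own logs for the request shape described above, the following is an added example (not part of the vulnerability note or Netgear's advisory). It assumes a forward-proxy access log in combined format; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined-log-style line as written by a forward proxy (assumed format).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def is_injection_path(target):
    """True when the decoded URL path begins with /cgi-bin/; (the VU#582384 shape)."""
    path = urlsplit(target).path          # urlsplit keeps ';' inside the path
    for _ in range(3):                    # undo nested percent-encoding (%3B, %253B)
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/+", "/", path)       # collapse duplicate slashes
    return path.startswith("/cgi-bin/;")

def scan(lines):
    """Return (client, destination host, vector) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_injection_path(m["target"]):
            continue
        dest = urlsplit(m["target"]).hostname
        ref = urlsplit(m["referer"]).hostname
        # A Referer on another host suggests the browser was driven by a web page;
        # no Referer suggests a request issued directly from the LAN.
        vector = "cross-site" if ref and ref != dest else "direct"
        hits.append((m["client"], dest, vector))
    return hits

# Constructed sample log lines; COMMAND is the advisory's own placeholder.
SAMPLE = [
    '192.168.1.20 - - [01/Dec/2016:10:00:01 +0000] "GET http://192.168.1.1/cgi-bin/;COMMAND HTTP/1.1" 200 0 "-" "ua"',
    '192.168.1.21 - - [01/Dec/2016:10:00:05 +0000] "GET http://192.168.1.1/cgi-bin/%3BCOMMAND HTTP/1.1" 200 0 "http://site.example/page" "ua"',
    '192.168.1.22 - - [01/Dec/2016:10:00:09 +0000] "GET http://192.168.1.1/cgi-bin/status.cgi?x=1 HTTP/1.1" 200 512 "-" "ua"',
    '192.168.1.23 - - [01/Dec/2016:10:00:12 +0000] "GET http://www.example.com/a;b HTTP/1.1" 200 10 "-" "ua"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```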

Possible LNS Issue 01/12/2016

We are seeing some oddness on one of our LNS routers which terminates some of our broadband circuits. We believe this is only affecting our management access and not the service provided over this.

We are working with the vendor to understand and hopefully resolve this. Assuming this is not customer-affecting, we may need to reboot this LNS later this evening, causing a brief network blip as the sessions reconnect.

If we find this is affecting service earlier we may have to perform the reboot earlier. We will update this as we know more.